CVE-2014-5251
It was found that the MySQL token driver did not correctly store token expiration times, which prevented manual token revocation. Only OpenStack Identity setups configured to make use of revocation events were affected.
Find out more about CVE-2014-5251 from the MITRE CVE dictionary dictionary and NIST NVD.
Statement
This issue does not affected openstack-keystone as shipped with Red Hat Enterprise Linux OpenStack Platform 4.0.
CVSS v2 metrics
| Base Score | 4.9 |
|---|---|
| Base Metrics | AV:N/AC:M/Au:S/C:P/I:P/A:N |
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | Single |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 (openstack-keystone) | RHSA-2014:1122 | 2014-09-02 |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 (openstack-keystone) | RHSA-2014:1121 | 2014-09-02 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux OpenStack Platform 4.0 | openstack-keystone | Not affected |